UBA Kenya is committed to ensuring the security of its information and information security assets and has implemented an Information Security Management System (ISMS) in accordance with the ISO 27001:2022 standard. The ISMS helps UBA Kenya protect its information and information assets.
The Bank’s senior management demonstrates its commitment to information security by establishing information security objectives and policies and providing the necessary resources to maintain and continuously improve security in the Bank.
– The Board of Directors and management of the United Bank for Africa Kenya are committed to preserving the confidentiality, integrity and availability of all physical and electronic information assets (data, resources) throughout the Bank, to maintain its competitive advantage, cash flow, profitability, legal, regulatory and contractual compliance, as well as its brand image. To this end, the Bank shall establish and enforce an Information Security Management Policy, which shall be subject to systematic and continuous review and improvement, and which shall ensure that the Bank’s information and information security requirements remain aligned with the Bank’s objectives and provide a mechanism for information sharing, electronic communication, online banking/e-commerce, social media and reducing information risks to acceptable levels.
– The Bank’s strategic business plan and risk management framework shall at all times provide the necessary context for the identification and assessment of information risks, as well as for the selection of control objectives and the implementation of controls to support the treatment of such risks.
– In particular, business continuity and contingency plans, data backup and recovery procedures, malware and intruder control, system access control, and information security incident reporting and management are fundamental elements of the information security policy. The control objectives for each of these areas are addressed in the Information Security Manual and should also be supported by specific and documented policies and procedures, where appropriate.
– The Information Security Department is responsible for managing and updating the Bank’s information security risk treatment plan. The IT and Cyber Security Steering Committee and the Risk Management Committee support the implementation, operation and maintenance of the ISMS framework and periodically review the information security policy.
– All employees of the Bank, its contracted staff and third-party service providers are required to comply with the Information Security Policy. All staff and, where appropriate, relevant external parties, will receive the necessary training, education and awareness-raising to this end.
– The information security policy is subject to continuous and systematic review and improvement. The Bank is committed to maintaining the compliance and certification of its ISMS with the globally recognized ISO 27001:2022 standard for enterprise information security management systems.
– The information security policy is reviewed at least once a year to take into account any changes in the risk assessment carried out or in the risk treatment plans developed.
– The Board of Directors is the owner of the Information Security Policy and is responsible for ensuring that the Information Security Policy document is reviewed in accordance with the requirements of the Information Security Manual.
– This Information Security Policy has been approved by the Board of Directors and is published in a controlled version under the signature of the Chairman of the Board of Directors.
Below are our ISMS objectives:
– Ensure that information security and data privacy are well managed within the Bank and that a management framework is established to launch and control the implementation of information security and data privacy within the Bank.
– Ensure that management supports the management of information security and data privacy within the Bank by assigning roles in data security and confidentiality, coordinating and reviewing the implementation of data security and confidentiality throughout the Bank, and submitting policies to the Board of Directors for approval through the Board’s Risk Management Committee.
– Ensure that contacts are established with external specialists or security groups, including the relevant authorities, to monitor industry trends, control standards and assessment methods, and provide appropriate contact points when dealing with information security incidents.
– Encourage a multidisciplinary approach to information security and data confidentiality.
– Ensure that the security of personal data, Bank information and information processing facilities is not compromised by the introduction of third-party products or services.
– Ensure that access by external parties to personal data and to the Bank’s information processing facilities, and the processing and communication of the Bank’s information by external parties, are controlled.
– Ensure that commercial interactions with external parties that may require access to personal data, information and information processing facilities of the Bank, or that involve obtaining or providing a product or service from an external party, are carefully assessed in terms of risk in order to determine their security implications.